Implement proper administrative audit and control settings to help manage privileged account usage. Users should be assigned administrative access on an as-needed basis, and those with administrator accounts should use them only when necessary.
Implement and enforce policies requiring users to choose complex passwords that include letters, numbers, and special characters. Passwords should be unique for each user account and should never be shared with anyone!
For example, after five failed login attempts, a user account is locked until reviewed by an administrator. This practice is simple, but it can effectively help combat illegitimate login attempts across your network.
Organizations should implement multi-factor authentication across all company accounts to add an additional layer of security. Prioritize VPN, email, and corporate accounts.
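The lockout practice described above (five attempts, then locked until an administrator reviews the account) can be sketched as follows. This is an added example, not code from the original page; the `LockoutPolicy` class, its method names, and the in-memory store are hypothetical.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

MAX_FAILED_ATTEMPTS = 5  # threshold taken from the text above


@dataclass
class Account:
    salt: bytes
    password_hash: bytes
    failed_attempts: int = 0
    locked: bool = False


class LockoutPolicy:
    """Hypothetical in-memory account store enforcing lock-until-reviewed."""

    def __init__(self):
        self.accounts = {}
        self.audit_log = []  # (event, username) entries for administrator review

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add_user(self, username, password):
        salt = os.urandom(16)
        self.accounts[username] = Account(salt, self._hash(password, salt))

    def login(self, username, password):
        acct = self.accounts.get(username)
        if acct is None:
            return "denied"
        if acct.locked:
            # A locked account is refused even when the password is correct.
            self.audit_log.append(("attempt_while_locked", username))
            return "locked"
        if hmac.compare_digest(self._hash(password, acct.salt), acct.password_hash):
            acct.failed_attempts = 0  # a success resets the counter
            return "ok"
        acct.failed_attempts += 1
        if acct.failed_attempts >= MAX_FAILED_ATTEMPTS:
            acct.locked = True  # no timed expiry: only admin_unlock clears it
            self.audit_log.append(("locked", username))
            return "locked"
        return "denied"

    def admin_unlock(self, admin, username):
        acct = self.accounts[username]
        acct.locked, acct.failed_attempts = False, 0
        self.audit_log.append(("unlocked_by:" + admin, username))
```

The audit log entries give the reviewing administrator a record of when the account was locked and whether further attempts arrived while it was locked.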